How to Handle Email Delivery Failures and Bounces in WHM

Overview

Email delivery failures in WHM are one of the most common support tickets we see. A bounce means the receiving mail server rejected your message and sent back an error. These failures can happen server-wide or affect just one domain, and they almost always leave a clear trail in the logs if you know where to look.

Most WHM servers run Exim as the mail transfer agent (MTA). Understanding how Exim queues, delivers, and reports on mail is the foundation of diagnosing any bounce. Whether you’re a reseller managing client accounts or a sysadmin on a dedicated server, the troubleshooting process is the same.

This article covers how to read bounce messages, trace delivery through WHM’s built-in tools and the Exim log, clear stuck queues, and fix the underlying DNS or reputation issues that cause most failures.

Prerequisites

  • WHM root or reseller access (some steps require root)
  • SSH access for log-level diagnostics (recommended but not mandatory)
  • Basic familiarity with DNS records (SPF, DKIM, PTR)
  • cPanel/WHM version 108 or later (steps are consistent across recent releases)
  • The bounced email address and approximate send time — you’ll need these to search logs efficiently

Step-by-Step Instructions

Step 1: Read the Bounce Message First

Before opening WHM, read the full bounce message that came back to the sender. Most modern mail clients hide the full SMTP response behind a vague subject line, but the original bounce email contains the actual error code and reason.

Look for a 3-digit SMTP code and a description. Here’s what the first digit tells you:

  • 4xx — Temporary failure. The receiving server is asking the sender to retry later. Could be a rate limit, greylisting, or a temporary DNS issue.
  • 5xx — Permanent failure. The receiving server is rejecting the message outright. This needs a fix before retrying.

Common 5xx codes you’ll actually encounter:

  • 550 — User doesn’t exist, or the sending IP is blacklisted
  • 553 — The sender address failed policy checks (often SPF)
  • 554 — Transaction failed — catch-all for content filters, spam policies, or reputation blocks

Step 2: Check the Exim Mail Queue in WHM

  1. Log in to WHM and navigate to Email > Mail Queue Manager.
  2. You’ll see a list of queued messages with their delivery status. A message stuck in the queue with repeated retry attempts usually has a 4xx error holding it.
  3. Click on any message ID to see the full delivery log for that message, including the remote server’s exact response.
  4. To flush the entire queue and force a retry attempt on all deferred messages, click Run Exim Queue Runner at the top of the page.

📝 Note: Flushing the queue doesn’t fix the underlying problem. If the receiving server is blocking your IP, retrying will just burn through your retry budget faster. Diagnose first, flush second.

Step 3: Search the Exim Logs Directly

WHM’s UI is useful for a quick look, but the raw Exim log gives you far more detail. The main log lives at /var/log/exim_mainlog.

To find all log entries related to a specific sender or recipient, use grep with the email address:

grep "user@example.com" /var/log/exim_mainlog | tail -50

To find bounces (messages that were rejected), look for lines containing rejected or R= flags:

grep "rejected" /var/log/exim_mainlog | grep "example.com" | tail -30

A typical rejected delivery line looks like this:

2025-11-14 09:22:17 1tKwXm-0003aR-Hg ** recipient@remotedomain.com R=dnslookup T=remote_smtp: SMTP error from remote mail server after RCPT TO: 550 5.7.1 Service unavailable; Client host [198.51.100.45] blocked using Spamhaus SBL

That single line tells you the message ID, the timestamp, the recipient, and the exact rejection reason from the remote server. In this case, the sending IP is on the Spamhaus SBL blacklist.
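The same reading applied to a whole log, as an added example (not from the original article): a POSIX shell function that tallies failed and deferred deliveries by SMTP class, reply code and recipient domain. Exim marks failed deliveries with ** and deferrals with ==. The function names, the "rbl" keyword match and all sample lines except the first (the one quoted above) are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original article.
# Summarise failed (**) and deferred (==) deliveries from exim_mainlog lines
# on stdin. Output rows: COUNT CLASS SMTP_CODE REASON RECIPIENT_DOMAIN

exim_failure_summary() {
  awk '
    {
      # Locate the delivery flag; its position shifts if log_selector adds a
      # [pid] field (assumption: it is always in fields 3 to 5).
      f = 0
      for (i = 3; i <= 5; i++) if ($i == "**" || $i == "==") { f = i; break }
      if (!f) next
      # Only trust a reply code that follows the remote-error marker.
      pos = index($0, "SMTP error from remote mail server")
      if (!pos) next
      rest = substr($0, pos)
      if (!match(rest, /: [45][0-9][0-9][ -]/)) next
      code = substr(rest, RSTART + 2, 3)
      class = (substr(code, 1, 1) == "5") ? "permanent" : "temporary"
      reason = (tolower(rest) ~ /blocked using|blacklist|blocklist/) ? "rbl" : "-"
      dom = tolower($(f + 1)); sub(/^.*@/, "", dom)
      n[class " " code " " reason " " dom]++
    }
    END { for (k in n) print n[k], k }
  ' | sort -k1,1nr -k2
}

# Constructed sample input; the first line is the one quoted in the article.
sample_mainlog() {
  cat <<'EOF'
2025-11-14 09:22:17 1tKwXm-0003aR-Hg ** recipient@remotedomain.com R=dnslookup T=remote_smtp: SMTP error from remote mail server after RCPT TO: 550 5.7.1 Service unavailable; Client host [198.51.100.45] blocked using Spamhaus SBL
2025-11-14 09:23:02 1tKwYa-0003bT-2k ** other@remotedomain.com R=dnslookup T=remote_smtp: SMTP error from remote mail server after RCPT TO:<other@remotedomain.com>: host mx.remotedomain.com [203.0.113.10]: 550 5.7.1 Service unavailable; Client host [198.51.100.45] blocked using Spamhaus SBL
2025-11-14 09:25:40 1tKwZq-0003cV-9x == user@example.net R=dnslookup T=remote_smtp defer (-44) H=mx.example.net [203.0.113.25]: SMTP error from remote mail server after RCPT TO:<user@example.net>: 451 4.7.1 Greylisted, try again later
2025-11-14 09:26:11 1tKwa1-0003dX-Lm => ok@example.org R=dnslookup T=remote_smtp H=mx.example.org [203.0.113.40] C="250 OK"
EOF
}

sample_mainlog | exim_failure_summary
# On a live server: exim_failure_summary < /var/log/exim_mainlog
```

A cluster of permanent "rbl" rows across many recipient domains points at the sending IP's reputation rather than at any single recipient.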

Step 4: Check Your Sending IP Reputation

A blacklisted IP is the most common cause of 550 rejections. On a shared or VPS server, one abusive account can get the entire server’s IP listed.

Check your main outgoing IP against the major blocklists:

curl -s "https://api.stopforumspam.org/api?ip=YOUR.SERVER.IP&json" | python3 -m json.tool

Also check manually at MXToolbox Blacklist Check — it queries 100+ lists at once and shows which ones flagged you.

If you’re listed, identify the abusive account first. Remove the listing without fixing the source and you’ll be relisted within days.

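# Find the top sending accounts on your server (by messages currently in the queue)
# Queue listing lines can be indented, so allow leading spaces before the age field
/usr/sbin/exim -bp | grep -E "^ *[0-9]+[mhd] " | awk '{print $4}' | sort | uniq -c | sort -rn | head -20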

⚠ Warning: If you’re on a shared hosting plan and your IP is being listed due to another tenant’s activity, contact Host & Tech support — we can investigate the source and, if necessary, assign a dedicated outbound IP for your account.

Step 5: Verify SPF, DKIM, and PTR Records

Even if your IP isn’t blacklisted, missing or broken DNS records will cause rejections at strict receivers like Google Workspace and Microsoft 365.

Check SPF from the command line:

dig TXT yourdomain.com +short

A valid SPF record looks like this:

"v=spf1 ip4:198.51.100.45 include:_spf.hostandtech.com ~all"

Check DKIM by querying the selector your server uses (default in cPanel is default._domainkey):

dig TXT default._domainkey.yourdomain.com +short

Check the PTR (reverse DNS) record for your server IP:

dig -x YOUR.SERVER.IP +short

The PTR result should resolve back to a hostname that resolves forward to the same IP. Mismatched PTR records are a major red flag for receiving mail servers and will cause silent filtering or outright rejection at some destinations.

📝 Note: PTR records are set at the IP level, not in your domain’s DNS zone. On a VPS or dedicated server at Host & Tech, you can set your PTR record through the client portal or by raising a support ticket.
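The SPF and PTR checks from this step, scripted as an added example (not from the original article). It flags the SPF mistakes that dig output makes easy to miss (no record, more than one record, a missing or permissive "all") and performs the forward-confirmed reverse DNS test described above. The DIG override, the function names and the file name mail_dns_audit.sh are assumptions for illustration; include: targets and CIDR ranges are not expanded, and the PTR check covers IPv4 only.

```sh
#!/bin/sh
# Added example, not from the original article. Requires dig for live use;
# DIG may point at a stub command for offline testing.
DIG=${DIG:-dig}

# spf_verdict: read "dig TXT domain +short" output on stdin, print a verdict.
spf_verdict() {
  awk '
    {
      # dig shows a long TXT record as several quoted chunks on one line;
      # receivers join the chunks with no separator before parsing.
      gsub(/" "/, ""); gsub(/"/, "")
      if (tolower($0) ~ /^v=spf1( |$)/) { n++; rec = tolower($0) }
    }
    END {
      if (n == 0) { print "missing"; exit }
      if (n > 1)  { print "multiple-records"; exit }  # permerror, RFC 7208 4.5
      if (rec ~ / \+?all( |$)/) { print "pass-all"; exit }  # any host may send
      if (rec !~ / [-~?]all( |$)/ && rec !~ / redirect=/) { print "no-all"; exit }
      print "ok"
    }'
}

# fcrdns_check IP: the PTR must name a host whose A record returns the same
# IP (IPv4 only). Prints "ok HOST", "mismatch HOST" or "no-ptr".
fcrdns_check() {
  ip=$1
  host=$($DIG -x "$ip" +short | head -n 1)
  host=${host%.}
  if [ -z "$host" ]; then echo "no-ptr"; return 1; fi
  if $DIG "$host" A +short | grep -qxF "$ip"; then
    echo "ok $host"
  else
    echo "mismatch $host"; return 1
  fi
}

# Live use (hypothetical file name): sh mail_dns_audit.sh yourdomain.com YOUR.SERVER.IP
if [ $# -eq 2 ]; then
  printf 'SPF: %s\n' "$($DIG TXT "$1" +short | spf_verdict)"
  printf 'PTR: %s\n' "$(fcrdns_check "$2")"
fi
```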

Step 6: Delete or Bounce Stuck Messages from the Queue

If you’ve identified spam or malformed messages clogging the queue, remove them. Don’t let a queue of 10,000 stuck messages pile up — Exim’s performance degrades significantly above a few thousand queued messages.

To remove all frozen messages (messages Exim has given up retrying):

exiqgrep -z -i | xargs exim -Mrm

To remove all messages from a specific sender address:

exiqgrep -f "abuser@yourdomain.com" -i | xargs exim -Mrm

⚠ Warning: exim -Mrm permanently deletes messages. There’s no undo. If you’re unsure, use exim -Mvh MESSAGE_ID first to view the message headers before removing.

Common Issues and Troubleshooting

550 5.7.1 — IP Blocked by Spamhaus or Similar

Your server’s outgoing IP is on a real-time blocklist (RBL). The remote server is enforcing that list as a policy. Fix the root cause (compromised account, open relay, spam script) first, then request delisting through the specific blocklist’s removal form. Most major lists process legitimate removal requests within 24 hours.

Emails to Gmail or Outlook Silently Disappear

These providers rarely bounce — they just silently drop mail they don’t trust. This is genuinely frustrating because there’s no bounce to trace. Check your DMARC alignment, make sure DKIM is signing correctly, and verify your sending domain has a DMARC record published. Use Google Postmaster Tools (free) to see your domain’s reputation score with Gmail directly.

Mail Queued but Never Delivered — “Retry Time Not Reached”

Exim uses an exponential backoff for retries. If a message failed once, Exim won’t retry immediately, and you’ll see "retry time not reached" in the queue. This is normal behaviour. To force an immediate retry, run exim -qff from the command line. The double f forces frozen messages to retry too.

exim -qff

Sender Address Rejected — “Relay Not Permitted”

This usually means the mail client is trying to send through your server without authenticating, or it’s using a sender domain that isn’t hosted on that server. In WHM, check Exim Configuration Manager > Basic Editor and confirm that SMTP AUTH is enabled. Also verify the account’s SMTP credentials are correct in the mail client.

Large Attachments Bouncing with 552 or 554

The receiving server has a size limit and your message exceeded it. The bounce will include something like 552 5.3.4 Message size exceeds fixed maximum. This is a policy decision on the receiver’s end — you can’t override it. Ask the recipient to use a file sharing service instead, or check if your Exim message size limit is set too low for your own users in WHM > Exim Configuration Manager > Message Size Limit.

Additional Resources

If you’re managing email for multiple clients, a Reseller Hosting plan gives you WHM access to manage Exim settings, DNS zones, and email accounts across all your clients from one interface — without needing a full dedicated server.

Frequently Asked Questions

How do I find why an email bounced in WHM?

Go to WHM > Email > Mail Queue Manager and click the message ID for full delivery details. For more detail, SSH into the server and search /var/log/exim_mainlog using grep with the sender or recipient address. The log line will include the exact SMTP rejection code and reason from the remote server.

Why are emails from my server going to spam instead of bouncing?

Large providers like Gmail and Outlook rarely bounce — they silently filter. This usually means your SPF, DKIM, or DMARC records are missing or misaligned, or your sending IP has a poor reputation score. Register with Google Postmaster Tools to get direct feedback on how Gmail views your domain.

How do I clear the Exim mail queue in WHM?

In WHM, go to Email > Mail Queue Manager and click Run Exim Queue Runner to retry deferred messages. To remove frozen messages via SSH, run: exiqgrep -z -i | xargs exim -Mrm. Be careful — this permanently deletes the queued messages.

Can a blacklisted IP affect all domains on a shared server?

Yes. On shared hosting, all accounts typically share the same outgoing IP. If one account sends spam and gets the IP blacklisted, every domain on that server is affected. If this happens to you on a Host & Tech server, contact support — we can identify the abusive account and discuss options like a dedicated outbound IP.

What's the difference between a 4xx and 5xx bounce in email?

A 4xx code is a temporary rejection — the remote server is saying ‘try again later.’ Exim will keep retrying automatically. A 5xx code is a permanent rejection — the remote server won’t accept the message under current conditions. You need to fix the underlying problem (blacklist, bad DNS record, invalid recipient) before it will deliver.
